Tuesday, July 16, 2024
EHA

Web Hosting Company Domainfactory Hacked – Customers Sensitive Personal Data Leaked

Web hosting company Domainfactory owned support forum has been compromised and hackers leaked personal sensitive data by breaking the customer database.

A stranger who have shared internal data of several customers as a proof and confirmed the data belonged to Domainfactory.

Domainfactory is a German hosting company which is owned by GoDaddy since 2016 and this breach Officially confirmed On 6 July.

The organization initially learned of the episode on 3 July. As indicated by the data that is right now accessible, the information arrived in the hands of outer outsiders on 29 January 2018 through an information feed after a system transaction.

According to the company, On July 3, 2018, a person in the DomainFactory forum claimed access to DomainFactory customer data. We initiated a detailed investigation and found that customer data was accessed by an outside party without authorization. The access route is now secured. We contact all customers with the recommendation to update their DomainFactory passwords.

Domainfactory finally confirmed that, leaked customer data including the following sensitive data.

– Customer name 
– Company name 
– Customer number 
– Address 
– E-mail addresses – Phone 
number 
– DomainFactory Phone password 
– Date of birth
– Bank name and account number (eg IBAN or BIC) 
– Schufa score Please 

Journalist Fabian Scherschel also posted on Twitter, that he was also watching a Twitter thread “in which Lauter #Domainfactory customers ask a hacker about their data because DF does not respond to their requests” (all before Domainfactory’s disclosure).

https://twitter.com/fabsh/status/1015615555510964225

In our vital Customer Information discharge dated July 7, 2018, we have demonstrated that we as of now removal of all passwords as a prudent measure. As an outcome, we have gotten more request about which gets to ought to be changed precisely. Instructions for changing your passwords can be found here: https://www.df.eu/blog/pw/

– customer password 
– phone password 
– E-mail passwords 
– FTP / Live disk passwords 
– SSH passwords 
– MySQL database passwords 

Also company Said, We have notified the data protection authority and commissioned external experts with the investigation. The protection of the data of our customers is paramount and we regret the inconvenience this incident causes, very much.”

Also Read

How Much a Data Breach Could Cost for Enterprises and what are the Risks Involved

Key Elements and Important Steps to General Data Protection Regulation (GDPR)

Simple & Important Ways to Protect your Business from Cyber Attacks

How To Respond Cyber Incident In your Organization

Website

Latest articles

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...

Malicious NuGet Campaign Tricking Developers To Inject Malicious Code

Hackers often target NuGet as it's a popular package manager for .NET, which developers...

Akira Ransomware Attacking Airline Industry With Legitimate Tools

Airlines often become the target of hackers as they contain sensitive personal and financial...

DarkGate Malware Exploiting Excel Files And SMB File Shares

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles